Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2025-54792

    LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discover...

    Affected Products : localsend
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 2.5

    LOW
    CVE-2024-13978

    A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereferen...

    Affected Products : libtiff
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption
  • 8.6

    HIGH
    CVE-2013-10059

    An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the...

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2013-10055

    An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attac...

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 8.7

    HIGH
    CVE-2013-10050

    An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the ...

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2013-10048

    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending speciall...

    Affected Products : dir-300_firmware dir-600_firmware
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-52899

    IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server....

    • Published: Nov. 26, 2024
    • Modified: Aug. 04, 2025
  • 7.3

    HIGH
    CVE-2024-56924

    A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account s...

    • Published: Jan. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.8

    CRITICAL
    CVE-2025-26062

    An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings....

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 3.5

    LOW
    CVE-2025-37108

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.0

    MEDIUM
    CVE-2025-37112

    A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information....

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cryptography
  • 6.0

    MEDIUM
    CVE-2025-37110

    A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 3.7

    LOW
    CVE-2023-32251

    A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of async...

    Affected Products : linux_kernel
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-23289

    NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to in...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 6.0

    MEDIUM
    CVE-2025-37111

    A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information....

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-50572

    An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-5954

    The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through th...

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-0825

    cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more....

    Affected Products : cpp-httplib
    • Published: Feb. 04, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 6.4

    MEDIUM
    CVE-2025-8399

    The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2025-8488

    The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_hfe_compatibility_option_callback() function in all versio...

    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 291335 Results